Facebook expands Bug Bounty program

Remember Facebook’s Bug Bounty program, which was launched last year to reward researchers who find holes in the social network? Well, Facebook announced today that it will be expanding the scope of its Bug Bounty program. Researchers are now invited to search for weaknesses not only in Facebook, but also in the infrastructure of the network itself. According to the official Facebook page, possible weaknesses now include: Cross-Site Scripting, Cross-Site Request Forgery, Broken Authentication, Circumvention of Facebook’s Platform/Privacy permission models, Remote Code Execution, Privilege Escalation, and Provisioning Errors.

Like before, the minimum reward is $500, researchers must be the first to disclose the bug, and have to give Facebook a reasonable time to respond to their reports before going public with the information. Sounds fair enough, though I’m not too sure how much other companies are paying for these bug hunt expeditions. Read up more here.